tcpdump command dump traffic on a network in real time. It prints out a description of the contents of packets on a network interface.

How do I capture network packets to a file?

By default traffic is dumped on a screen. To capture these packets to a file, enter the following command as the root user:# tcpdump -i eth0 -w traffic.eth0

How do I read packets from a file?

The -w flag causes it to save the packet data to a file called traffic.eth0 for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface:# tcpdump -r traffic.eth0